privacy

Microsoft, the company that has been plagued by security concerns with Internet Explorer in the past, has announced that it would change its new disclosure policy to inform customers explicitly that it will not use personal information obtained from product and service usage. This will protect customers from data being passed on to third-party companies for marketing and advertising.

Verizon has begun selling customer information, according to a report by Yahoo!. The carrier is passing on geographical locations, app usage and even web browsing activities to third parties. This - as one would expect - has raised privacy questions.

The start of October saw Verizon start offering reports to marketers showing what subscribed customers are doing on mobile phones, including what iOS and Android apps are used in locations.

Did you know those using Facebook apps on their mobile devices can access your email address even if it's not displayed on your profile when checking the website? Most users of the social network don't.

Headlines have continuously attacked Facebook due to privacy concerns, confusing account settings and other monstrosities, but today we'll look at a quick tip on how to prevent your email address being available to contacts who can view your profile.

Just because your personal email address isn't viewable on the website when checking your profile via a web browser, don't be fooled into believing your friend's Windows Phone won't pull it down to his (or her) contact list. By default, it seems Facebook's settings are configured so email addresses are invisible to the 'timeline' but are still available and accessible by friends. So how does one configure email settings on Facebook to prevent them being accessed?

Online ads can be annoying and it appears Microsoft is working on a way to focus these ads more towards your likes and away from your dislikes. We ran across the Microsoft Personal Data Dashboard that will let you filter out the unwanted ads and let those you might be interested in through. These filters will likely impact ads you see over on Outlook.com and on your Windows Phone.

The Dashboard has several sections or tabs with the main tab reflecting your Windows Live Profile. Additional sections include:

My Data: Here is where you can tag your interests and dislikes from a wide variety of topics. You can also narrow down your likes and dislikes to the brand names of products.

The My Data page also lets you view your Bing search history and any Microsoft Newsletters you are currently subscribed to.

The location services on your Windows Phone can come in handy for navigation apps, finding local services and focusing ad banners on content relevant to your location. It also allows wireless providers and OS manufacturers to provide location services to allow customers to locate their phones if lost.

A recent Court ruling may have opened the door for law enforcement to use the same location services to track you without a warrant (at least in the Sixth Circuit). The case in question involves a drug dealer, Melvin Skinner, who was tracked by Federal Agents using his cell phone location services. Agents received Court authorization to obtain information on the cell phones used by Skinner that was in turn used to track his location. The tracking information obtained by law enforcement not only connected Skinner to the crimes but would also lead agents to his location for arrest.

A few days ago, questions were raised over Skype's security in that Microsoft is reconfiguring the Skype network to allow Law Enforcement Agencies access to intercept calls. Mark Gillett, Skype's Chief Development and Operations Officer, responded to these concerns today.

With regard to the claims that Skype has made changes in its architecture to provide Law Enforcement Agencies greater access to Skype communications, Gillett says that this is false:

"The move was made in order to improve the Skype experience, primarily to improve the reliability of the platform and to increase the speed with which we can react to problems. The move also provides us with the ability to quickly introduce cool new features that allow for a fuller, richer communications experience in the future."

Our audience is smart enough to know that no electronic system of communication is impervious to eavesdropping and there’s very little out there that’s near 100% secure. So it should come as no surprise that Skype is getting some publicity over its internal network restructuring that started occurring once Microsoft acquired the company last year.

The charge: Microsoft is reconfiguring the Skype network so that Law Enforcement Agencies (LEA) can have access to intercept calls over the network to aid in investigations.

The reality is of course convoluted with no concrete evidence but it’s worth mentioning what exactly is going on here. So head past the break to get the scoop.

Do you own a Windows Phone that's connected on an AT&T account? You might not be aware of this, but you can restrict the use of personal data, should you have any privacy concerns or simply do not wish for the carrier to contact you. Customer Proprietary Network Information (or CPNI) is personal information obtained by the telecommunications company through providing a service to the customer.

So what is this all about, and should you be bothered? AT&T collects information from you based on the services you have on your account. All carriers (and many companies) carry out the same actions to offer similar services / products to customers. If you've received a call from a company you use often who are attempting to sell you a related product, this is exactly what we're talking about.

The majority of the time the offers are exclusive to that call and may not be available online or in stores. A mobile carrier may offer the latest Windows Phone at a discounted price, or on a plan that has 6 months subtracted from the contract. In this case, AT&T will contact you and provide said offers, but according to the privacy policy the carrier will not sell / disclose CPNI to third parties without customer consent. You'll need to check the policies of other carriers and companies to be sure they don't sell on your information.

To keep everything in check and restrict AT&T's use of your CPNI, be sure to give the carrier a call. Should you feel the need to do so with any other company, you can also enquire to request exclusion from future marketing and promotional offers where possible.

Microsoft has updated the how-to section of the official Windows Phone website to include a small tip regarding when location based services are currently active. A small indicator (see above image) will be included in a future update, which will be displayed with the other disappearing status indicators and will alert the user as to when apps are using the phone's location.

Microsoft informed The Verge that the update will be included with handsets shipping with Windows Phone "Tango" with existing devices receiving the update once the company has finalised the update with carriers.

"After the new devices are out, we’ll start the process of working with mobile operators to bring an update to current customers. It’ll be a few months before we have specifics on that roll out,

Just how long existing consumers will have to wait for the update hasn't been specified, but it's a positive move to fight privacy concerns. We could well see the update including this location indicator being bundled with the new features in "Tango" for Mango users.

With all the litigation going on involving the smartphone industry, something good might have come from one Courtroom. The California Attorney General has struck a deal with Microsoft, Apple, Google, HP, RIM and Amazon that will have new privacy policies put in place.

In a nutshell the agreement will:

Require any software that uses personal information to provide a privacy policy that can be viewed in the store before any app is downloaded.

There will also be a requirement to provide links to the relevant documents in an obvious and consistent location.

Each app store will provide a simple way for users to report developers that violate the rules.

Each platform is committed to educating developers about their obligations to respect consumer privacy and to disclose what private information they collect, how it is used and how it is shared.

As far as enforcement is concerned, violators can be prosecuted under California's Unfair Competition and False Advertising laws. Not sure how far of a reach such enforcement will have but it's a start.

Tango, the cross-platform video calling application, appears to be following in the footsteps of iPhone's Path application when it comes to the poor management of private account data. (Not to be confused with the Windows Phone update, codenamed Tango.) Today, a reader wrote in detailing how the PC client (version 1.6.14117 at time of writing) allows one armed with simply a mobile number access to any Tango user's contact data -- and account -- by simply using the application in a specific manner. While we won't share exact details, we must admit it's not hard to figure out. And just a few months ago, Tango was discovered to be downloading contact details without permission.

Using the steps provided, we were able to download a colleague's Tango contact data, make Tango calls, and manage account details with ease. This possibly indicates that Tango's security code-based account validation is simply an arbitrary client-side check -- a big no-no.

Update: Tango let us know the issue has been fixed and an update has been pushed out to users. Kudos to the Tango team for the quick response.

O2 has come under fire as reports are coming through of the network sharing mobile numbers with websites when browsing the web via 3G. Whenever you connect to a website from a mobile device you provide information detailing what model the phone is as well as the web browser. This data enables that website to be displayed more effectively for your handset (taking into account different screen resolutions as an example).

It seems O2 is going one step further by providing actual phone numbers in with this data, which would be unacceptable as malicious websites could use this information to contact the user, and it would be a breach of the Data Protection Act. Check out the below capture of an O2 number being sent with the header data.

Twitter user @lewispeckover has set up a webpage (seen above) that displays HTTP header information sent by the connecting device, so you can check for yourself whether your carrier is sending your number to every website you visit. Scary stuff. We checked on Three UK and everything seems normal. Let us know in the comments or in the WPCentral Forum's discussion if you try out the script (your number will be displayed after "x-up-calling-line-id" if it's being sent) and can see your number displayed.

Data Protection Watchdog has since issued a statement on the situation:

"When people visit a website via their mobile phone they would not expect their number to be made available to that website. We will now speak to O2 to remind them of their data breach notification obligations, and to better understand what has happened, before we decide how to proceed."

Jerry Brown, Governor of California, has blocked passage of bill SB 914, which would require police to have a court order before viewing the contents of a cell phone carried by a detained suspect. The bill was written by State Senator Mark Leno in response to a California Supreme Court decision that classified cell phones as personal property, the same as a suspect's wallet, bag, etc., which police can currently search without a warrant. SB 914 was passed by the California legislature and had the support of the ACLU.

Brown clarified his position in a statement:

"This measure would overturn a California Supreme Court decision that held that police officers can lawfully search the cellphones of people who they arrest. The courts are better suited to resolve the complex and case-specific issues relating to constitutional search-and-seizures protections."

What's especially alarming about this action is that SB 914 would have prevented police from obtaining private information such as email, texts, financial information and internet history. All of these things would be considered off limits on a computer without a warrant, but somehow are allowed because they are on a phone.

It's unclear whether a suspect would be required to disclose a password in the case that they have their phone locked, but to our CA readers, you'd better password-protect your phones, just in case. Or better yet, don't go getting yourselves arrested!

Microsoft is reporting that they have discovered unintended behavior with its Windows Phone location services. Following a Federal Lawsuit that claims Microsoft was doing such, Microsoft said they'd look into the claims and sure enough, they found a bug.

In a statement released earlier on Wednesday, Microsoft revealed,

"We have identified an unintended behavior in the Windows Phone 7 software that results in information about nearby Wi-Fi access points and cell towers being periodically sent to Microsoft when using the Camera application, and, for phones that are configured for US-English, when using the phone’s voice command features (such as “Find Pizza”). For the Camera, the software bug results in the behavior even where you have disabled geo-tagging photos in the Camera application."

Oops.

Microsoft did state that the recent Mango Update eliminates the unintended behavior (lawyer talk for "we didn't know it was there") by the camera application and voice command feature. However, the bugs are still present when using the "Me" feature in the People Hub. Wi-Fi access points and cell tower information is sent to the Windows Phone location service each time a user accesses "Me".

Microsoft is already working on an update to fix the "Me" bug after which, information about nearby Wi-Fi access points and cell towers will be sent only if you agree to allow the "check in" feature of "Me". There was no time frame on this update but I suspect it will be sooner than later.

In the meantime, Microsoft is reminding Windows Phone customers that you can prevent access to location information by applications and the collection of location information by going to Settings>Location and turning this feature off.

While it's never good for any operating system to have such bugs, you've gotta give kudos to Microsoft for moving quickly to identify the problem and working to fix things without delay. You can read more about this disclosure and Microsoft's Privacy Policy here at Microsoft.com.

Microsoft has recently made changes to its geographic location service, which we reported on not so long ago as having a lack of safeguards and a privacy flaw. Elie Bursztein, a researcher at Stanford University, created a web page that allowed visitors to search the database at Live.com for locations using device MAC addresses.

Reid Kuhn, a Partner Group Program Manager on the Windows Phone engineering team, made the announcement today over at Technet and stated that while it was not possible to track a roaming mobile phone or laptop using its MAC address, they are aware of the fine line Microsoft was treading with regard to privacy issues surrounding geolocation.

"Microsoft's privacy and security team has been in contact with Elie and we will continue the ongoing dialog with experts in the privacy field to improve our service offerings. We thank Elie and his team for working with us on this issue."

European Parliament members are up in arms after a recent admission by Microsoft that they may be required by the Patriot Act to secretly give U.S. authorities access to European data stored in Microsoft's cloud. The controversy stems from the EU's Data Protection Directive, which dictates that companies must notify users if/when their data is handed over to another party. If Microsoft is forced to follow Patriot Act guidelines, then that would mean the U.S. law would trump European law. Some parliamentarians have taken up the cause to prevent that from happening.

Sophia In't Veld, a member of the Parliament's civil liberties committee, urged her colleagues to consider the matter:

"Does the Commission consider that the U.S. Patriot Act thus effectively overrules the E.U. Directive on Data Protection? What will the Commission do to remedy this situation, and ensure that E.U. data protection rules can be effectively enforced and that third country legislation does not take precedence over E.U. legislation?"

Currently, the Safe Harbor act, which allows companies like Microsoft to transfer data from European storage facilities, guarantees users reasonable security and enforcement. However, if the Patriot Act is allowed to supersede that, then it renders that guarantee useless. Theo Bosboom, IT lawyer with Dirkzager Lawyers, had this to say:

"I'm afraid that Safe Harbor has very little value anymore, since it came out that it might be possible that U.S. companies that offer to keep data in a European cloud are still obliged to allow the U.S. government access to these data on basis of the Patriot Act..."

The struggle for data protection extends beyond the issue of sovereignty of state. Should the matter remain as is, it opens the floodgates for other companies' data to be secretly put in the hands of U.S. officials. Google, Facebook, Twitter, etc. could all be affected. European Parliament members have taken up the cause for their constituents, but until it is fully resolved, Bosboom says that, "Europeans would be better to keep their data in Europe. If a European contract partner for a European cloud solution, offers the guarantee that data stays within the European Union, that is without a doubt the best choice, legally."

If there is one thing Windows phone users know, it's that their little device can hold a whole lot of information. Whether it's e-mail, personal finances, PIN codes, documents, or naked drunk pictures of yourself at that office holiday party, these mini computers can contain a vast resource of information about our personal lives (and those around you).

At least according to a recent Ohio Supreme Court ruling, no, the police cannot search your phone. Like other areas such as car and home searches, police are required to get a search warrant first. To quote the NY Times:

The Ohio Supreme Court ruled this month, by a 4-to-3 vote, that the search violated the Fourth Amendment’s protection against unreasonable search and seizure. Rather than seeing a cellphone as a simple closed container, the majority noted that modern cellphones — especially ones that permit Internet access — are “capable of storing a wealth of digitized information.”

Expanding upon that notion, there is no need to distinguish between "smartphones" and "dumbphones" either as all phones will be covered, ruling out potential areas of dispute in court.

Of course the flip-side is law enforcement will argue that this will make their job harder, something with which we sympathize. Regardless, we are quite pleased with this decision. (Counter argument: we're trying to think of situations where remote-wiping could be nefariously employed here once the phone is in possession, but not searched yet by the police. Hmmm...)

Either way, would you trust that guy (above) with your tricked out, custom Touch Pro 2 with stealth-tethering hack? Heck, no ...

Now the iPhone is getting a taste of the future with SpyPhone. SpyPhone can steal all sorts of things, including "... geolocation data, passwords, address book entries and email accounts information, images, Safari Browsing history, youtube, keyboard logger, etc.".

Now the truly frightening part: it works on Jailbroken and "virgin" phones alike. It just uses the public API offered by Apple to use its own features as exploits. Acting like a trojan, the app will steal and send out your data.

So much for the "jailbroken = security threat" meme.

This is just another volley in what is sure to be an ongoing problem with the mobile internet age, though for once Microsoft might not be the number one security target. Point is, we know this can already be done on Windows Mobile so folks will need to keep their ears perked.

A bit of hoopla was raised last week over border search policies disclosed by the U.S. Department of Homeland Security. In almost every news story, the word "laptop" was used in the headline. And this is true. Your laptop can be seized and its information inspected for an unspecified amount of time, no suspicion necessary.

If you're visiting WM Experts, you're probably a fine, upstanding member of society, and a model patriot and benefit to the American way of life, blah blah blah.

But the next logical question is, "Can they take my Windows Mobile device?" Check in after the jump for the answer, and for some tips that could save you some time and embarrassment. (Though if you're looking for a way to completely sneak one past the government and cause some shenanigans, you're at the wrong place.)

Welcome back. So can The Man snag your phone and look at your data?

The answer is: Absolutely. Along with just about anything (electronic or otherwise) you have on your person.

CBP [Customs and Border Protection] is responsible for ensuring compliance with customs, immigration, and other Federal laws at the border. To that end, officers may examine documents, books, pamphlets, and other printed material, as well as computers, disks, hard drives, and other electronic or digital storage devices. These examinations are part of CBP's long-standing practice and are essential to uncovering vital law enforcement information. For example, examinations of documents and electronic devices are a crucial tool for detecting information concerning terrorism, narcotics smuggling, and other national security matters; alien admissibility; contraband including child pornography, monetary instruments, and information in violation of copyright or trademark laws; and evidence of embargo violations or other import or export control laws.

The policy isn't new, and it applies to anyone entering the United States, citizen or not.

Handling the information

So customs can snag your device, copy your data or inspect it on site, and there's not a whole lot you can do to stop them from doing so. If they find probable cause that you're up to no good, they may "seize and retain the originals and/or copies of relevant documents or devices, as authorized by law."

And your data can be copied and shared with just about any other governmental agency.

Copies of documents or devices, or portions thereof, which are retained in accordance with this section, may be shared by CBP with Federal, state, local, and foreign law enforcement agencies only to the extent consistent with applicable law and policy.

Other provisions

Windows Mobile is primarily still a business device, and businesspeople tend to travel with sensitive information.

There are provisions for "business information," though it doesn't say much more than "We'll do what we can to keep your stuff from falling into the wrong hands." And it adds that "Depending on the nature of the information presented, the Trade Secrets Act, the Privacy Act, and other laws may govern or restrict the handling of the information."

But we don't recommend claiming that the photos you took of the, er, entertainment, on your - cough, cough - "business trip" to Tijuana are proprietary information.

Attorney-client privilege is also addressed. While claiming such can't keep them from being searched, it should bring an extra level of oversight in the handling of your data.

Correspondence, court documents, and other legal documents may be covered by attorney-client privilege. If an officer suspects that the content of such a document may constitute evidence of a crime or otherwise pertain to a determination within the jurisdiction of CBP, the officer must seek advice from the Associate/Assistant Chief Counsel or the appropriate U.S. Attorney's office before conducting a search of the document.

What can you do?

The easiest answer is, leave your laptop or WinMo device at home. But that's not much of an answer, is it?

Here are a couple of simple solutions.

1. The cloud: We love the cloud. We talk about the cloud all the time. Store your data in the ether, and you don't have to worry about someone snagging it off your device. (Who has access to it way up the sky is a whole 'nother matter, but that's for another day.)

2. The ninja-stealth move: We'll keep saying it until we're blue in the face. Backup software is your friend, and SPB Backup 2.0 is perfect for this one.

It's as simple as doing a full - and encrypted - backup of your device, and saving that backup to a storage card (which you should already be doing) or, better yet, somewhere in the cloud (though the 20-meg or so file sizes could be a problem there).

Then, before heading back across the border, do a hard reset and wipe your device. When you get back home, restore from the backup, and you're right where you left off. No muss, no fuss.

The caveat

This isn't a foolproof way to keep your data completely out of the hands of, well, anyone but you, nor is it meant to be. If Jack Bauer wants to make sure you're not using your phone to make his next 24 hours a living hell, he's going to do so. (And, yes, we're well aware that it takes more than a simple reformatting to make data irretrievable.) This is just the equivalent of keeping a screener from riffling through your underwear in your suitcase, looking for a shotgun.

That said, there isn't a whole lot of legal precedent for this sort of thing yet, so there likely will be some bumps in the road.

Look, we certainly don't endorse transporting anything illegal over U.S. (or anyone else's) borders. And we're all for catching terrorists before they strike. So please don't view this as a way to circumvent policies and procedures meant to safeguard all of us.